High Volume MTA to replace smarthost for outbound email
We currently use our ISP's smarthost for sending out automated noreply emails from our system. We are sending around 20000 emails a day and the ISP has asked us to sort out our own MTA as the load is getting a little high for their comfort. Current SMTP Connector is installed on Server 2003 and forwards all email sent to it from our daemons to a external smarthost.
I am looking for recommendations of what would be the best replacement solution.
There is no need for receiving incoming email.
Currently I am considering each of the following,
1. MS Virtual SMTP Server Connector as MTA - it is currently using this to forward to the smarthost
2. Install Postfix on a Linux server and use this as a smarthost
3. Use an third party provider's smarthost in the same way we are using our ISP's at the moment
My main concerns for each are the following:
Would it support sending 20000 emails a day?
Would you recommend SPF record for sending domain to decrease change false positives (SPAM)?
Can DKIM be configured on each?
Which methods are more prone to blacklisting assuming they haven't been comprimised?
This is a mission critical service and it needs to work. If sending domain or IP is blacklisted or filtered by any other servers it would be disastrous. Due to this my main prerequisite is reliability.
Could anyone with experience please give me their opinion?
Thanks
I am looking for recommendations of what would be the best replacement solution.
There is no need for receiving incoming email.
Currently I am considering each of the following,
1. MS Virtual SMTP Server Connector as MTA - it is currently using this to forward to the smarthost
2. Install Postfix on a Linux server and use this as a smarthost
3. Use an third party provider's smarthost in the same way we are using our ISP's at the moment
My main concerns for each are the following:
Would it support sending 20000 emails a day?
Would you recommend SPF record for sending domain to decrease change false positives (SPAM)?
Can DKIM be configured on each?
Which methods are more prone to blacklisting assuming they haven't been comprimised?
This is a mission critical service and it needs to work. If sending domain or IP is blacklisted or filtered by any other servers it would be disastrous. Due to this my main prerequisite is reliability.
Could anyone with experience please give me their opinion?
Thanks
I would choose #2, and my reasoning for this can be found in my following comments.
Would it support sending 20000 emails a day?Absolutely.
Would you recommend SPF record for sending domain to decrease change false positives (SPAM)?You should always use SPF for any sending domain. Keep the IP's you use for these mails separate from your main mail flows, such as regular corporate mail.
Can DKIM be configured on each?Postfix can be easily integrated into postfix using opendkim. I have both running now and it's pretty straight forward, but can be daunting to those new to the concepts. I can help with both. To my knowledge there is no native DKIM signing functionality for Exchange, you have to pay for 3rd party apps to do this. If someone knows otherwise, please comment.
Which methods are more prone to blacklisting assuming they haven't been comprimised?If you setup SPF and DKIM along with a matching A/PTR for your sending server(s), and don't use spammy words like "IMPORTANT!!!!" in your mails, you will avoid most if not all blacklists.
You have to be careful about the volume you send as well, as that is a factor in your overall sending reputation. 20k mails in a day isn't that many and will probably still keep you in the Low volume group, but if you can send to a smaller audience for your first few mailings from your dedicated IP's for these mails, that certainly wouldn't hurt.
You can check your reputation at http://www.senderbase.org and http://www.senderscore.org
You can check your reputation at http://www.senderbase.org and http://www.senderscore.org
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Postfix can be easily integrated into postfix using opendkim.
Woops! That should read DKIM can be easily integrated.
ASKER
Great answers!
FYI: We currently send this volume (20000/day) out using a domain with no SPF, DKIM or matching A/PTR and don't receive any bounce backs. I guess emails could be getting classified as SPAM at the recipient's end but we normally receive notification of this by the client missing deadlines and yelling at us which hasn't happened in at least a year.
I am worried this experience gives me too much confidence so I want to make sure I do my homework first. Keep it coming please!
FYI: We currently send this volume (20000/day) out using a domain with no SPF, DKIM or matching A/PTR and don't receive any bounce backs. I guess emails could be getting classified as SPAM at the recipient's end but we normally receive notification of this by the client missing deadlines and yelling at us which hasn't happened in at least a year.
I am worried this experience gives me too much confidence so I want to make sure I do my homework first. Keep it coming please!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
+send from dedicated IP(s) separate from other mail flows
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
if only takes a day to be blocked, but it will take months or years before you will be remove. lol
prepare for this reply:
"fixed first your reputation before we will allow your domain/IP to pass"
you are sending 20000 a day, we have a total of 4M a months... hahaha
still we have a good reputation. :)
prepare for this reply:
"fixed first your reputation before we will allow your domain/IP to pass"
you are sending 20000 a day, we have a total of 4M a months... hahaha
still we have a good reputation. :)
Pff we send >4M an hour :p
Hello again taga :)
Looks like I have some new "competition" in the enterprise email arena ;)
Hello again taga :)
Looks like I have some new "competition" in the enterprise email arena ;)
@papertrip:
II will just be second to you hehehe... (you have the shield :D )
before I replace the previous EA, it was my first aim to solve our Poor Reputation.
we've been having Poor Rep for years and I am not sure if they tried fixing it.
but whew! I learned Linux the hard way... lol
II will just be second to you hehehe... (you have the shield :D )
before I replace the previous EA, it was my first aim to solve our Poor Reputation.
we've been having Poor Rep for years and I am not sure if they tried fixing it.
but whew! I learned Linux the hard way... lol
ASKER
Ok, so I guess I should change the title to "low to medium volume"... :o)
Anyway, the SMTP Virtual server in IIS that current relays all internal email to our ISP's Smarthost seems to handle the load ok at the moment.
Would using DNS to lookup MX records and send email directly, using SMTP Virtual Connector as an MTA instead of arelay to smarthost, use much more resources when talking about 20000 emails a day and assuming SPF, DKIM R/PTR are setup correctly for sending domain?
FYI: Email relay machine is a Dell PE1750 with Xeon 2.4Ghz and 2GB RAM under average of 30% load
Anyway, the SMTP Virtual server in IIS that current relays all internal email to our ISP's Smarthost seems to handle the load ok at the moment.
Would using DNS to lookup MX records and send email directly, using SMTP Virtual Connector as an MTA instead of arelay to smarthost, use much more resources when talking about 20000 emails a day and assuming SPF, DKIM R/PTR are setup correctly for sending domain?
FYI: Email relay machine is a Dell PE1750 with Xeon 2.4Ghz and 2GB RAM under average of 30% load
hahahaha... and that 20,0000 is low? yaiks!
Good for you... nice Reg. hehehe
We only have virtual machines with Windows 2003 that has 1GB or RAM and 5GB space available. ahehehe... lol
The sending of emails depends on how those Firewall appliance reacts to your relay, so no matter how fast your serer are, it still depends on how those firewall appliance treat your mails. :)
if they want to delay your mails you cant do anytime. :) imho
Good for you... nice Reg. hehehe
We only have virtual machines with Windows 2003 that has 1GB or RAM and 5GB space available. ahehehe... lol
The sending of emails depends on how those Firewall appliance reacts to your relay, so no matter how fast your serer are, it still depends on how those firewall appliance treat your mails. :)
if they want to delay your mails you cant do anytime. :) imho
sorry:
@papertrip: "hahahaha... and that 20,0000 is low? yaiks!"
@papertrip: "hahahaha... and that 20,0000 is low? yaiks!"
ASKER
No problems with firewall we have a 4ms ping to 8.8.8.8 (Google DNS).
What I really want to know is, our setup as it stands works perfectly.
Is it much different to use the same setup to send email direct (using DNS) from IIS Virtual SMTP Server instead of relaying it to a smarthost?
taga:
When you say "those Firewall appliance" I assume you mean all firewall appliances between the sending server and the recipient. This should only change very slightly from the current setup as all that will possibly change is the actual external IP used to send the mail from. This new IP will be on the same physical and geographical network as the previous.
Also what impact will changing the IP address used to send have on SPAM filtering if no SPF record exists in the existing setup but will in the proposed?
Do any mainstream SPAM services use any method other than SPF to keep track of what IP addresses emails for a particular domain are coming from?
What I really want to know is, our setup as it stands works perfectly.
Is it much different to use the same setup to send email direct (using DNS) from IIS Virtual SMTP Server instead of relaying it to a smarthost?
taga:
When you say "those Firewall appliance" I assume you mean all firewall appliances between the sending server and the recipient. This should only change very slightly from the current setup as all that will possibly change is the actual external IP used to send the mail from. This new IP will be on the same physical and geographical network as the previous.
Also what impact will changing the IP address used to send have on SPAM filtering if no SPF record exists in the existing setup but will in the proposed?
Do any mainstream SPAM services use any method other than SPF to keep track of what IP addresses emails for a particular domain are coming from?
On Changing IP:
My way: give that IP a specific domain to relay emails probably around a 200-300 a day, before giving the entire email campaign, if you supply it directly with 1thousands of emails definitely it will be detected by Spam Filtering Appliance(or firewall appliance) having a magnitude of emails going out. there is a big possibility it will be delayed.
No SPF:
most appliance are design to look for SPF configuration in your DNS, in this way they can verify that the originating IP is indeed from your Network, it is highly advisable to have an SPF if you have that magnitude of emails being sent out specially this is a new IP address being introduced.
Tracking IP:
The activity coming from that IP obviously is being recorded by most ISP appliance, most of the time they are relying on RBL, once your IP is being blocked by one RBL site, others will follow blocking that IP address it will happened in minutes without you knowing it.
Your Question:
Is it much different to use the same setup to send email direct (using DNS) from IIS Virtual SMTP Server instead of relaying it to a smarthost?
None Actually, its the receiving Spam Filter Policy will decide if your emails gets thru/delayed or not.
My way: give that IP a specific domain to relay emails probably around a 200-300 a day, before giving the entire email campaign, if you supply it directly with 1thousands of emails definitely it will be detected by Spam Filtering Appliance(or firewall appliance) having a magnitude of emails going out. there is a big possibility it will be delayed.
No SPF:
most appliance are design to look for SPF configuration in your DNS, in this way they can verify that the originating IP is indeed from your Network, it is highly advisable to have an SPF if you have that magnitude of emails being sent out specially this is a new IP address being introduced.
Tracking IP:
The activity coming from that IP obviously is being recorded by most ISP appliance, most of the time they are relying on RBL, once your IP is being blocked by one RBL site, others will follow blocking that IP address it will happened in minutes without you knowing it.
Your Question:
Is it much different to use the same setup to send email direct (using DNS) from IIS Virtual SMTP Server instead of relaying it to a smarthost?
None Actually, its the receiving Spam Filter Policy will decide if your emails gets thru/delayed or not.
when I say "those firewall appliance" I am referring to those who receives your mails.
(sorry for the confusion)
Your New IP will be treated New.
What happened here, is that when that new IP sends volumes of emails, SPAM Filtering appliance might think you have a Dynamic IP(one way to be blocklisted), so before supplying it thousands of emails, I will suggest supply it with lesser traffic of emails for maybe a month. if you can't wait that long and you want that new IP blasting emails then go ahead as long as you know the risk. :)
(sorry for the confusion)
Your New IP will be treated New.
What happened here, is that when that new IP sends volumes of emails, SPAM Filtering appliance might think you have a Dynamic IP(one way to be blocklisted), so before supplying it thousands of emails, I will suggest supply it with lesser traffic of emails for maybe a month. if you can't wait that long and you want that new IP blasting emails then go ahead as long as you know the risk. :)
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Taga went to sleep, and I just woke up.
Seems we haven't made much forward progress with this yet, but at least some questions have been answered.
@Thenos, what else do you need to know?
Seems we haven't made much forward progress with this yet, but at least some questions have been answered.
@Thenos, what else do you need to know?
ASKER
I think that pretty much clears up my questions/concerns.
I am leaning towards using the SMTP virtual server as an MTA to send email direct and slowly adding email traffic to the new IP as taga_ipil suggested. Before commencing this I will add an SPF record with both the old and new IP's, setup DKIM and also a R/PTR.
I think this would be the easiest solution as it would only require very minimal changes from the way things are setup now when working perfectly. We should actually see am improvement as no SPF etc at the moment...
I am leaning towards using the SMTP virtual server as an MTA to send email direct and slowly adding email traffic to the new IP as taga_ipil suggested. Before commencing this I will add an SPF record with both the old and new IP's, setup DKIM and also a R/PTR.
I think this would be the easiest solution as it would only require very minimal changes from the way things are setup now when working perfectly. We should actually see am improvement as no SPF etc at the moment...
I mentioned warming up the IP too, but I wouldn't be heavily concerned with only 20k/day, however if you can lighten the load at first it definitely won't hurt.
Are you sure you will be able to DKIM sign using that virtual server without handing over cash for some 3rd party app?
Are you sure you will be able to DKIM sign using that virtual server without handing over cash for some 3rd party app?
ASKER
Excellent point. Sorry, you did mention it previously as well.
Might start SMTP Virtual Server with SPF and but have Postfix setup and ready to go on different IP so that email can be relayed out a different IP if any problems with inital volume on new IP. This will at least give me a second change if the first new IP does get blocked.
I will maybe add DKIM down the track as it seems it is not essential though could potentially avoid some potential future issues if implemented correctly
Might start SMTP Virtual Server with SPF and but have Postfix setup and ready to go on different IP so that email can be relayed out a different IP if any problems with inital volume on new IP. This will at least give me a second change if the first new IP does get blocked.
I will maybe add DKIM down the track as it seems it is not essential though could potentially avoid some potential future issues if implemented correctly
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for your advise guys. I think I am now ready to start some testing!
but here's my take.
Create a Postfix and make sure it is not an open relay.
put an SPF to make sure only allowed server can send emails from your domain.
add DKIM just to add responsibility from your side.
sending 20,000 emails a day, will cause email reputation and you might not like it be 50%-60& of those emails getting bounced-back.
The best if willing is to have a 3rd party Email Campaign to do the job, but it will cause you $$$.
Just my thoughts :)